Anfälligkeitssuche        Suche in 187964 CVE Beschreibungen
und 85075 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.902246
Kategorie:Windows
Titel:Microsoft Internet Explorer 'toStaticHTML()' Cross Site Scripting Vulnerability
Zusammenfassung:This host is installed with Internet Explorer and is prone to; cross site scripting vulnerability.;; This NVT has been replaced by OID:1.3.6.1.4.1.25623.1.0.901162.
Beschreibung:Summary:
This host is installed with Internet Explorer and is prone to
cross site scripting vulnerability.

This NVT has been replaced by OID:1.3.6.1.4.1.25623.1.0.901162.

Vulnerability Insight:
The flaw is due to error in the 'toStaticHTML()' which is not
properly handling the 'Cascading Style Sheets (CSS)'.

Vulnerability Impact:
Successful exploitation will allow remote attackers to bypass the
cross-site scripting (XSS) protection mechanism and conduct XSS attacks.

Affected Software/OS:
Microsoft Internet Explorer version 8.x to 8.0.6001.18702.

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2010-3324
Cert/CC Advisory: TA10-285A
http://www.us-cert.gov/cas/techalerts/TA10-285A.html
http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0179.html
http://www.wooyun.org/bug.php?action=view&id=189
Microsoft Security Bulletin: MS10-071
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-071
Microsoft Security Bulletin: MS10-072
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-072
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7297
CopyrightCopyright (C) 2010 SecPod

Dies ist nur einer von 85075 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.